2071 points K0nserv | 2 comments
mikewarot ◴[] No.45088709[source]
A gentle reminder to the readers here at HN that it doesn't have to be this way. Computer Security is a solved problem[1], and has been so since the 1980s[2]. It's my strong opinion that the only methods you've seen to this point[3-7] were deliberately chosen to be ones that don't work, and make things worse in the long run.

There's no reason we shouldn't be able to run what we want on our hardware, without having to trust anything other than the microkernel inside the operating systems.

[1] https://en.wikipedia.org/wiki/Capability-based_security

[2] https://en.wikipedia.org/wiki/Capability-based_operating_sys...

[3] https://en.wikipedia.org/wiki/User_Account_Control

[4] https://en.wikipedia.org/wiki/AppArmor

[5] https://en.wikipedia.org/wiki/Security-Enhanced_Linux

[6] https://en.wikipedia.org/wiki/Application_permissions

[7] https://en.wikipedia.org/wiki/Trusted_Platform_Module

replies(1): >>45088716 #
carlosjobim ◴[] No.45088716[source]
Your opinion is not "a gentle reminder", "a friendly reminder" or "a public service announcement". It's just your opinion and nothing more.
replies(2): >>45088765 #>>45094159 #
7373737373 ◴[] No.45088765[source]
It's obvious you don't understand what is written in those links. The capability security architecture breaks the false dichotomy of either having to have a fully locked down or open operating system; it provides the technical foundation to grant individual programs, and even parts of these programs, recursively, only the (data, filesystem, network) access and resource consumption (cpu, memory) rights that they need. This is not an opinion, this is a decades-old technical solution that humanity ignores at its own peril. While I wouldn't argue that it completely solves computer security, it allows programmers and users to minimize the attack surface of their systems.
replies(1): >>45092354 #
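
A toy model of the recursive attenuation described in the comment above, added here as an illustration and not written by any commenter in the thread. The `Capability` class, its fields and the `/data/app` scenario are hypothetical; the policy is modelled in-process, whereas a capability operating system enforces it in the kernel, and symlinks are not modelled.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath


class CapabilityError(Exception):
    """Raised when a holder tries to exceed the authority it was handed."""


@dataclass(frozen=True)
class Capability:
    root: PurePosixPath   # subtree this capability designates
    rights: frozenset     # subset of {"read", "write"}
    mem_bytes: int        # upper bound on memory the holder may use

    def attenuate(self, subdir=".", rights=None, mem_bytes=None):
        """Derive a weaker capability for a sub-component; never a stronger one."""
        rights = self.rights if rights is None else frozenset(rights)
        mem_bytes = self.mem_bytes if mem_bytes is None else mem_bytes
        if not rights <= self.rights:
            raise CapabilityError(f"cannot add rights {set(rights - self.rights)}")
        if mem_bytes > self.mem_bytes:
            raise CapabilityError("cannot raise memory budget")
        return Capability(self._resolve(subdir), rights, mem_bytes)

    def check(self, right, path):
        """Return the resolved path if this capability authorises the access."""
        if right not in self.rights:
            raise CapabilityError(f"{right!r} not granted")
        return self._resolve(path)

    def _resolve(self, rel):
        # Reject absolute paths and '..' so a holder cannot name anything outside root.
        rel = PurePosixPath(rel)
        if rel.is_absolute() or ".." in rel.parts:
            raise CapabilityError(f"{rel} escapes {self.root}")
        return self.root / rel


def allowed(cap, right, path):
    """True if cap authorises `right` on `path`, False otherwise."""
    try:
        cap.check(right, path)
        return True
    except CapabilityError:
        return False


# Constructed scenario: an app holds its own data directory, then hands its
# thumbnail plugin read-only access to one subfolder and a smaller memory budget.
app = Capability(PurePosixPath("/data/app"), frozenset({"read", "write"}), 256 << 20)
plugin = app.attenuate("photos", rights={"read"}, mem_bytes=32 << 20)
```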
1. carlosjobim ◴[] No.45092354{3}[source]
I appreciate that I probably don't understand what is written in those links. But whether you're right or wrong - and you're probably right - phrasing your comment in the clichéd "gentle reminder" makes people refrain from taking your message to heart.
replies(1): >>45100129 #
2. 7373737373 ◴[] No.45100129[source]
The grandparent comment wasn't mine, and I can kind of agree with yours. I can understand both of you, you in that the phrasing used may feel patronising. On the other hand, it is frustrating to know of a solution, of a good technical and theoretical foundation and see it ignored by the world at large. Hence probably the reminder phrasing used by the grandparent.